add user_agent test, fix get_client_parameters tests

2026-03-16 22:30:23 +00:00 · 2022-11-24 14:11:17 +01:00 · 2022-11-24 14:11:17 +01:00 · f2d3009279
commit f2d3009279
parent a39ba7474b
2 changed files with 19 additions and 7 deletions
--- a/tests/test_helpers.py
+++ b/tests/test_helpers.py
@ -329,7 +329,7 @@ class ClientParametersTestCase(AxesTestCase):
    def test_get_filter_kwargs_ip_and_agent(self):
        self.assertEqual(
            get_client_parameters(self.username, self.ip_address, self.user_agent),
-            [{"ip_address": self.ip_address}, {"user_agent": self.user_agent}],
+            [{"ip_address": self.ip_address, "user_agent": self.user_agent}],
        )

    @override_settings(
@ -341,8 +341,7 @@ class ClientParametersTestCase(AxesTestCase):
        self.assertEqual(
            get_client_parameters(self.username, self.ip_address, self.user_agent),
            [
-                {"username": self.username, "ip_address": self.ip_address},
-                {"user_agent": self.user_agent},
+                {"username": self.username, "ip_address": self.ip_address, "user_agent": self.user_agent},
            ],
        )

--- a/tests/test_login.py
+++ b/tests/test_login.py
@ -86,7 +86,7 @@ class DatabaseLoginTestCase(AxesTestCase):
    ALLOWED = 302
    BLOCKED = 403

-    def _login(self, username, password, ip_addr="127.0.0.1", **kwargs):
+    def _login(self, username, password, ip_addr="127.0.0.1", user_agent="test-browser", **kwargs):
        """
        Login a user and get the response.

@ -101,13 +101,13 @@ class DatabaseLoginTestCase(AxesTestCase):
            reverse("admin:login"),
            post_data,
            REMOTE_ADDR=ip_addr,
-            HTTP_USER_AGENT="test-browser",
+            HTTP_USER_AGENT=user_agent,
        )

-    def _lockout_user_from_ip(self, username, ip_addr):
+    def _lockout_user_from_ip(self, username, ip_addr, user_agent="test-browser"):
        for _ in range(settings.AXES_FAILURE_LIMIT):
            response = self._login(
-                username=username, password=self.WRONG_PASSWORD, ip_addr=ip_addr
+                username=username, password=self.WRONG_PASSWORD, ip_addr=ip_addr, user_agent=user_agent,
            )
        return response

@ -368,6 +368,19 @@ class DatabaseLoginTestCase(AxesTestCase):
        response = self.client.get(reverse("admin:login"), REMOTE_ADDR=self.IP_1)
        self.assertContains(response, self.LOGIN_FORM_KEY, status_code=200, html=True)

+    @override_settings(AXES_USE_USER_AGENT=True)
+    def test_lockout_by_user_still_allows_login_with_differnet_user_agent(self):
+        # User with empty username is locked out with "test-browser" user agent.
+        self._lockout_user_from_ip(username="username", ip_addr=self.IP_1, user_agent="test-browser")
+
+        # Test he is locked:
+        response = self._login("username", self.VALID_PASSWORD, ip_addr=self.IP_1, user_agent="test-browser")
+        self.assertEqual(response.status_code, self.BLOCKED)
+
+        # Test with another user agent:
+        response = self._login("username", self.VALID_PASSWORD, ip_addr=self.IP_1, user_agent="test-browser-2")
+        self.assertEqual(response.status_code, self.ATTEMPT_NOT_BLOCKED)
+
    # Test for true and false positives when blocking by IP *OR* user (default)
    # With cache enabled. Default criteria.
    def test_lockout_by_ip_blocks_when_same_user_same_ip_using_cache(self):